LUKS(Linux Unified Key Setup)爲Linux硬盤加密提供了一種標準
首先對硬盤進行分區:
[root@localhost ~]# fdisk /dev/sdb
[root@localhost ~]# partprobe /dev/sdb
安裝加密工具
[root@localhost ~]# rpm -ivh /mnt/Packages/cryptsetup-1.6.7-1.el7.x86_64.rpm
設置加密分區
[root@localhost ~]# cryptsetup luksFormat /dev/sdb2
WARNING!
This will overwrite data on /dev/sda3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Password quality check failed:
The password is shorter than 8 characters
#密碼要超過8個字節,而且要滿足複雜性
映射
[root@localhost ~]# cryptsetup luksOpen /dev/sdb2 disk1
Enter passphrase for /dev/sdb2:
##輸入密碼
[root@localhost ~]# ll /dev/mapper/disk1
lrwxrwxrwx 1 root root 7 12月 9 20:38 /dev/mapper/disk1 -> ../dm-2
格式化加密分區
[root@localhost ~]# mkfs.xfs /dev/mapper/disk1
創建掛載點
[root@localhost ~]# mkdir /sdb2
掛載
[root@localhost ~]# mount /dev/mapper/disk1 /sdb2/
關閉加密分區
[root@localhost ~]# umount /sdb2
[root@localhost ~]# cryptsetup luksClose /dev/mapper/disk1
[root@localhost ~]# mount /dev/sdb2 /sdb2
mount: 未知的文件系統類型“crypto_LUKS”
生成加密分區的密碼文件,實現開機自動掛載加密分區
[root@localhost ~]# vim /etc/crypttab
disk1 /dev/sdb2 /root/key
#(如果這裏寫none的話,當系統啓動時在讀取分區時候,會一直停在那,等待輸入密碼)
生成密碼文件,修改文件權限
[root@localhost ~]# echo -n "pwd@123yy" > /root/key
[root@localhost ~]# chmod 700 /root/key
添加密碼文件到/dev/sdb2 中
[root@localhost ~]# cryptsetup luksAddKey /dev/sdb2 /root/key
Enter any passphrase: ##輸入密碼
[root@localhost ~]# vim /etc/fstab
/dev/mapper/disk1 /sdb2 xfs defaults 0 0
[root@localhost ~]# mount -a
mount: special device /dev/mapper/disk1 does not exist
reboot重啓生效
[root@localhost ~]# mount -a
[root@localhost ~]#